Re: external server authentication and licensing



d-42 wrote:
On May 15, 4:41 pm, Chris Brown <cbr...@xxxxxxxxxxxxxxxxxxxxxxxx>
wrote:

ESA from the FM documentation is the recommended method as I interpreted
it. It is a booking system so security is an issue.

External Authentication is the "recommended" solution because it
integrates with an organization's existing centrally managed systems
(e.g. Apple Open Directory or Windows ActiveDirectory).

It's not inherently more secure. It's not inherently better.

ok, that changes the perspective somewhat.


It's just really convenient if you already have all these accounts and
groups set up -- and then you can have filemaker's security integrate
with it and manage it all centrally. This beats having to recreate and
manage them again separately in filemaker.

Yes, a significant advantage.



But if an organization doesn't manage these external accounts in
active directory, and the ONLY purpose for creating these accounts is
to manage access to filemaker, there is really no point to it at all.

If anything it's just a whole lot of extra needless clutter in what
was, until now, a simple SBS setup; with the added bonus, that if you
have any trouble with active directory, your website goes down too.

ok, noted.



As stated, my understanding is that ESA is the recommended method.


Recommended for organizations that can derive some sort of benefit
from having all the accounts in active directory... usually because
all those accounts already are in active directory.

Ok. So the principal reason for using active directory, is if the
accounts already exist. As it is, they don't, so setting up individual
accounts is back on the table. My issue with this is that while I have
existing scripted account creation in other solutions, that I can easily
migrate; ongoing management of large numbers of accounts in the FM files
themselves, is not a very palatable option; considering inevitable
co-ordination between in-use and developer updates...

Hence a significant advantage to SEA from an external developer's
perspective, is having the account configuration on their server.





Implementing active directory for 1000 external accounts, upgrading
SBS to Standard server, and purchasing the External Connector license,
all for the sole purpose of managing access to filemaker is, no
offense, absurd.

none taken. This is new territory, the joys of windows server
environments is one vice I prefer general abstinence; but situations
necessitate...




If SMB itself is the issue, and vanilla windows server
(2003/2008) as the domain controller allows unlimited users, then this
would be the comfortable option.

Nobody sets up a 1000+ Active Directory accounts for external
customers simply to manage access to a database driven website.


So what do they do? Given the nature of the database (a booking system),
a common login is not really suitable (clients come and go...)
Given that the accounts need to be created from scratch, and accepting
update of the SBS domain server is not an option, is using server
external authentication and accounts defined in AD on the FileMaker box
itself (which runs under win server 2003) a reasonable alternative?

I recognize this may sound like one has not registered:
Nobody sets up a 1000+ Active Directory accounts for external
customers simply to manage access to a database driven website

but the accounts need to be configured somewhere; and ActiveDirectory
based seems more manageable than doing it in the database files.

This would be as the SEA tech note scenario 1.
The complication is the requirement to remove the FMS box from the domain...




regards

chris
